The goal of the challenge (made by root-boy) was to get access to a flag protected by authentication. The challenge consists of a form with 3 fields:
  • Login
  • Password
  • Confirmation code
Trying to bypass the authentication through these 3 input fields should not lead to anything interesting, so where can we feed our evil input? You might have noticed that the form uses cookies. The good news is that the one named "cap" is vulnerable to SQL injection.
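The class of flaw described above, as an added example that is not part of the original write-up or the challenge's code: a server-side lookup keyed on the "cap" cookie, first built by string concatenation and then with format validation plus a bound parameter. The table, column names, cookie format and sample values are assumptions, since the page does not show the challenge's source.

```python
import re
import sqlite3

# Constructed schema and rows: the real challenge's tables are not shown on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE captcha (id TEXT PRIMARY KEY, code TEXT)")
    db.executemany("INSERT INTO captcha VALUES (?, ?)",
                   [("a1b2c3", "4821"), ("d4e5f6", "9035")])
    return db

# Constructed cookie values: one well-formed, one carrying SQL metacharacters.
LEGIT = "a1b2c3"
TAMPERED = "x' OR '1'='1"

def lookup_vulnerable(db, cap_cookie):
    # The cookie is pasted into the statement, so a quote inside it ends the
    # string literal and the rest of the value is parsed as SQL.
    sql = "SELECT code FROM captcha WHERE id = '" + cap_cookie + "'"
    return db.execute(sql).fetchall()

# Assumed identifier format for the cookie (six lowercase hex characters).
CAP_FORMAT = re.compile(r"[0-9a-f]{6}")

def lookup_hardened(db, cap_cookie):
    # Cookies are client-controlled input, exactly like form fields.
    # 1) Reject values that do not match the expected format.
    if not CAP_FORMAT.fullmatch(cap_cookie):
        return []
    # 2) Bind the value as a parameter so it can only ever be data.
    return db.execute("SELECT code FROM captcha WHERE id = ?",
                      (cap_cookie,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in (LEGIT, TAMPERED):
        print(repr(value),
              "vulnerable:", lookup_vulnerable(db, value),
              "hardened:", lookup_hardened(db, value))
```

The bound parameter is what removes the injection; the format check is defence in depth and gives a clean point at which to log malformed cookie values.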

Summary of the prequalifications for the Nuit du Hack 2011 CTF